lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 4 May 2023 10:44:59 +0800
From:   kernel test robot <yujie.liu@...el.com>
To:     "Liam R. Howlett" <Liam.Howlett@...cle.com>
CC:     <oe-lkp@...ts.linux.dev>, <lkp@...el.com>, <linux-mm@...ck.org>,
        "Andrew Morton" <akpm@...ux-foundation.org>,
        <linux-kernel@...r.kernel.org>, <maple-tree@...ts.infradead.org>,
        "Liam R. Howlett" <Liam.Howlett@...cle.com>
Subject: Re: [PATCH 23/34] maple_tree: Try harder to keep active node after
 mas_next()

Hello,

kernel test robot noticed "BUG:Bad_rss-counter_state_mm:#type:MM_FILEPAGES_val" on:

commit: e56e7042dca07a9de8c957c1d67f246b8f8183ee ("[PATCH 23/34] maple_tree: Try harder to keep active node after mas_next()")
url: https://github.com/intel-lab-lkp/linux/commits/Liam-R-Howlett/maple_tree-Fix-static-analyser-cppcheck-issue/20230425-233958
base: https://git.kernel.org/cgit/linux/kernel/git/akpm/mm.git mm-everything
patch link: https://lore.kernel.org/all/20230425140955.3834476-24-Liam.Howlett@oracle.com/
patch subject: [PATCH 23/34] maple_tree: Try harder to keep active node after mas_next()

in testcase: trinity
version: 
with following parameters:

	runtime: 300s

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/

compiler: gcc-11
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)


If you fix the issue, kindly add following tag
| Reported-by: kernel test robot <yujie.liu@...el.com>
| Link: https://lore.kernel.org/oe-lkp/202305041024.5bf914bf-yujie.liu@intel.com


[   25.976555][ T2770] BUG: Bad rss-counter state mm:00000000f0004b17 type:MM_FILEPAGES val:2467
[   25.979876][ T2770] BUG: Bad rss-counter state mm:00000000f0004b17 type:MM_ANONPAGES val:815
[   25.981154][ T2770] BUG: non-zero pgtables_bytes on freeing mm: 53248
[   26.897355][ T3061] Zero length message leads to an empty skb
[   26.935222][   T26] audit: type=1326 audit(1682538244.461:4): auid=4294967295 uid=65534 gid=65534 ses=4294967295 pid=3061 comm="trinity-c2" exe="/bin/trinity" sig=9 arch=c000003e syscall=8 compat=0 ip=0x454ba7 code=0x0
[   26.939639][ T1430] [main] 10391 iterations. [F:7791 S:2536 HI:1723]
[   26.939649][ T1430]
[   27.950645][   T26] audit: type=1326 audit(1682538245.477:5): auid=4294967295 uid=65534 gid=65534 ses=4294967295 pid=2950 comm="trinity-c0" exe="/bin/trinity" sig=9 arch=c000003e syscall=8 compat=0 ip=0x454ba7 code=0x0
[   30.095254][   T26] audit: type=1326 audit(1682538247.625:6): auid=4294967295 uid=65534 gid=65534 ses=4294967295 pid=3070 comm="trinity-c5" exe="/bin/trinity" sig=9 arch=c000003e syscall=8 compat=0 ip=0x454ba7 code=0x0
[   30.269599][ T3095] scsi_nl_rcv_msg: discarding partial skb
[   31.025282][   T26] audit: type=1326 audit(1682538248.553:7): auid=4294967295 uid=65534 gid=65534 ses=4294967295 pid=3099 comm="trinity-c0" exe="/bin/trinity" sig=9 arch=c000003e syscall=8 compat=0 ip=0x454ba7 code=0x0
[   32.299465][ T1430] [main] 20608 iterations. [F:15638 S:4833 HI:1813]
[   32.299476][ T1430]
[   33.365345][ T3089] can: request_module (can-proto-3) failed.
[   34.241128][ T3280] futex_wake_op: trinity-c7 tries to shift op by -1; fix this program
[   41.300839][ T1430] [main] 31062 iterations. [F:23567 S:7302 HI:2941]
[   41.300851][ T1430]
[   41.395010][ T3261] futex_wake_op: trinity-c4 tries to shift op by 1917; fix this program
[   51.944041][ T3471] BUG: Bad rss-counter state mm:00000000dcb60c0e type:MM_FILEPAGES val:2467
[   51.945501][ T3471] BUG: Bad rss-counter state mm:00000000dcb60c0e type:MM_ANONPAGES val:860
[   51.946758][ T3471] BUG: non-zero pgtables_bytes on freeing mm: 53248
[   53.949886][ T2770] BUG: Bad rss-counter state mm:000000005666b194 type:MM_FILEPAGES val:2467
[   53.951288][ T2770] BUG: Bad rss-counter state mm:000000005666b194 type:MM_ANONPAGES val:847
[   53.952547][ T2770] BUG: non-zero pgtables_bytes on freeing mm: 53248
[   56.044667][ T1430] [main] 41190 iterations. [F:31257 S:9679 HI:2944]
[   56.044680][ T1430]
[   57.218048][ T3537] BUG: Bad rss-counter state mm:00000000076661cb type:MM_ANONPAGES val:4
[   57.219389][ T3537] BUG: non-zero pgtables_bytes on freeing mm: 16384
[   58.107193][ T2770] BUG: Bad rss-counter state mm:000000003f7bfeb5 type:MM_FILEPAGES val:2467
[   58.108592][ T2770] BUG: Bad rss-counter state mm:000000003f7bfeb5 type:MM_ANONPAGES val:846
[   58.109885][ T2770] BUG: non-zero pgtables_bytes on freeing mm: 53248
[   60.294818][   T26] audit: type=1326 audit(1682538277.821:8): auid=4294967295 uid=65534 gid=65534 ses=4294967295 pid=3565 comm="trinity-c6" exe="/bin/trinity" sig=9 arch=c000003e syscall=8 compat=0 ip=0x454ba7 code=0x0
[   62.443729][   T26] audit: type=1326 audit(1682538279.973:9): auid=4294967295 uid=65534 gid=65534 ses=4294967295 pid=3589 comm="trinity-c4" exe="/bin/trinity" sig=9 arch=c000003e syscall=8 compat=0 ip=0x454ba7 code=0x0

kvm=(
qemu-system-x86_64
-enable-kvm
-cpu SandyBridge
-kernel $kernel
-initrd initrd-vm-meta-89.cgz
-m 16384
-smp 2
-device e1000,netdev=net0
-netdev user,id=net0,hostfwd=tcp::32032-:22
-boot order=nc
-no-reboot
-device i6300esb
-watchdog-action debug
-rtc base=localtime
-serial stdio
-display none
-monitor null
)

append=(
ip=::::vm-meta-89::dhcp
root=/dev/ram0
RESULT_ROOT=/result/trinity/300s/vm-snb/quantal-x86_64-core-20190426.cgz/x86_64-kexec/gcc-11/e56e7042dca07a9de8c957c1d67f246b8f8183ee/1
BOOT_IMAGE=/pkg/linux/x86_64-kexec/gcc-11/e56e7042dca07a9de8c957c1d67f246b8f8183ee/vmlinuz-6.3.0-rc5-00661-ge56e7042dca0
branch=linux-review/Liam-R-Howlett/maple_tree-Fix-static-analyser-cppcheck-issue/20230425-233958
job=/job-script
user=lkp
ARCH=x86_64
kconfig=x86_64-kexec
commit=e56e7042dca07a9de8c957c1d67f246b8f8183ee
initcall_debug
nmi_watchdog=0
vmalloc=256M
initramfs_async=0
page_owner=on
max_uptime=1200
result_service=tmpfs
selinux=0
debug
apic=debug
sysrq_always_enabled
rcupdate.rcu_cpu_stall_timeout=100
net.ifnames=0
printk.devkmsg=on
panic=-1
softlockup_panic=1
nmi_watchdog=panic
oops=panic
load_ramdisk=2
prompt_ramdisk=0
drbd.minor_count=8
systemd.log_level=err
ignore_loglevel
console=tty0
earlyprintk=ttyS0,115200
console=ttyS0,115200
vga=normal
rw
rcuperf.shutdown=0
watchdog_thresh=240
)

"${kvm[@]}" -append "${append[*]}"


To reproduce:

        # build kernel
	cd linux
	cp config-6.3.0-rc5-00661-ge56e7042dca0 .config
	make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
	make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
	cd <mod-install-dir>
	find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz


        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.


-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests

View attachment "config-6.3.0-rc5-00661-ge56e7042dca0" of type "text/plain" (130176 bytes)

View attachment "job-script" of type "text/plain" (4407 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (29072 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ